Traefik HTTP/2 Denial-of-Service Vulnerability

0
211

Traefik HTTP/2 Denial-of-Service Vulnerability

Traefik HTTP/2 Denial-of-Service Vulnerability

Summary

This article provides a detailed technical explanation of the CVE-2023-54365 vulnerability in Traefik, which affects versions 2.10.5 and 3.0.0-beta4. The vulnerability allows remote attackers to rapidly create and cancel HTTP/2 streams, exhausting server resources and causing service unavailability.

What the vulnerability/exploit is about

Traefik before version 2.10.5 and 3.0.0-beta4 contains a denial-of-service vulnerability in its HTTP/2 request handling mechanism. This vulnerability arises from the Go standard library's implementation of HTTP/2, which can be exploited by attackers to rapidly create and cancel HTTP/2 streams.

Technical explanation for defenders

The vulnerability stems from how Traefik handles HTTP/2 requests. When a large number of HTTP/2 streams are created and then canceled rapidly, it exhausts server resources, leading to service unavailability. The Go standard library does not properly handle the cancellation of HTTP/2 streams, allowing attackers to create a large number of streams and then cancel them, causing the server to become unresponsive.

Rechercher
Catégories
Lire la suite
Cybersecurity
Ï╣┘å┘êϺ┘å (Ï»Ï▒ ┘üϺÏ▒Ï│█î)
Ï╣┘å┘êϺ┘å (Ï»Ï▒ ┘üϺÏ▒Ï│█î)Ï«┘äϺÏÁ┘ç (Ï»Ï▒ ┘üϺÏ▒Ï│█î)┘àϺ┘ç█îϬ ┘ê...
Par Mario Serrano 2026-06-30 17:55:21 0 53
Autre
Calculadora Científica Java: Operaciones y Registro de Resultados
Calculadora Científica JavaEsta calculadora científica desarrollada en Java permite realizar...
Par Mario Serrano 2026-06-30 03:38:22 0 472
Cybersecurity
Titolo (Italiano)
Titolo**Vulnerabilità CVE-2026-12866: Dettagli CVSS, EPSS e CISA Kev**SintesiLa vulnerabilità...
Par Mario Serrano 2026-06-30 06:16:01 0 77
Cybersecurity
Título (em português)
Título (em português)Sumário (em português)Este artigo explora a vulnerabilidade...
Par Mario Serrano 2026-06-30 05:37:05 0 51
Autre
Titel (in German)
Titel (in German)Zusammenfassung (in German)Dieser Artikel beschreibt die CVE-2026-12866 und ihre...
Par Mario Serrano 2026-06-30 05:48:55 0 54